Better Together: The Role of Women in Securing Our World

During a fireside chat last fall, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly summed up the forward-looking stance that’s come to characterize her tenure. “We need to look at the possible,” she told audience members. “We’re all in this together.”

This philosophy of togetherness is what underpins the events of Cybersecurity Awareness Month each October. Every year, government agencies and the cybersecurity community come together to encourage individuals to play a more active role in keeping every aspect of our digital lives safe.

But this year’s Cybersecurity Awareness Month has been a true inspiration — and not just because it’s the 20th anniversary year. This October CISA also announced its new, enduring cybersecurity awareness program, “Secure Our World.” This exciting initiative was designed to encourage greater cyber-awareness across the U.S. by sharing ways that individuals, families, and small- and medium-sized businesses can minimize threats to our online universe.

With Secure Our World, Easterly and her team have done an amazing job of distilling a highly complex set of concepts into a powerful, bite-sized story. Some of the messages may be a bit oversimplified for those with working knowledge of cybersecurity, but given how uncommon this sort of knowledge still is, it’s definitely a step in the right direction.

Information security has been designated a government-wide high-risk area since 1997, and the federal government has focused on protecting critical cyber infrastructure since 2003. At no point in the 20 years since then has there been such a concerted and ongoing effort, globally or across the United States, to educate everyone about the importance of cybersecurity and our role in keeping our lives, and our families’ lives, secure. Dare I say it took a woman at the helm of CISA to help tell that story?

This sort of unique perspective is one of the reasons why it’s important to encourage women to enter the cybersecurity field. Today, the industry is only 25% female. And while that’s up dramatically from the 10% in 2013, women are still highly underrepresented.

This is unfortunate not just because women can bring so much to the cybersecurity community, but also because cybersecurity can offer such a fulfilling and enjoyable career. It certainly has been for me: I got my start with the Sourcefire marketing team, just after they were acquired by Cisco. The team — including then-CMO Marc Solomon, CP Morey, Jennifer Leggio and the company’s badass threat research team — welcomed me in.

While cybersecurity has its ups and downs like any industry, it’s been more than a dozen incredibly educational and rewarding years, and I’ve never looked back. Now that I’ve joined the team here at SonicWall, I’m super excited to bring my industry knowledge to a company with a rich history spanning decades. I joined SonicWall because of its phenomenal culture and established place in the cybersecurity industry, and because of its loyal partners.

I wholeheartedly agree with SonicWall’s vision. SonicWall is elevating its game, both in terms of empowering our partners and in upleveling our product and solution offerings. I’m excited for the chance to do my part to help further that journey.

It isn’t just a pivotal time for SonicWall, though. It’s a pivotal moment for cybersecurity in general. My work in cybersecurity has opened my eyes to so many dangers that a lot of people don’t even think about — and these risks are growing and expanding to some unexpected places.

I have a five-year-old and, unlike many of their friends, they don’t have a tablet. This might sound extreme, but I believe that if you leave online connected devices anywhere in your house, you’re basically letting a stranger into your home. From baby monitors that can be hacked to allow strangers to watch your children, to (often poorly secured) devices that track things like biometric data and the layout of your home, you can never be sure who’s watching what — or what they’ll do with the info they have.

This lack of visibility is just one of the reasons that initiatives like Secure Our World are so important. While there are so many benefits to the online world, risks abound. As end users, as employees, as parents — as citizens — we have to be more diligent about how we go about our digital lives. We can’t afford to see cybersecurity as “something tech workers do.” It must become something that all of us do.

That’s why, as a woman working in cybersecurity, I’m so excited to see what the future of CISA’s awareness initiatives holds. If this program someday becomes as well-known as, say, “Click It or Ticket” or “Safe to Sleep,” imagine how much more informed and safer the world could be!

How SonicWall Adheres to GDPR Requirements

On May 25, the General Data Protection Regulation (GDPR) will officially go into effect. As with any major legal reform, questions arise about timing, application, ramifications and more. With the GDPR mandate’s focus on privacy and related data, questions have increased tenfold.

SonicWall is working hard to ensure compliance with GDPR requirements. SonicWall takes information security seriously and has implemented policies and procedures for safeguarding personal data that is stored, processed and/or transferred by SonicWall.

These policies and procedures include, without limitation, physical and logical access restrictions, data classification, access rights, credentialing programs, record retention, data privacy, information security and the treatment of personal data and sensitive personal data throughout its lifecycle.

To help clarify how SonicWall products and services are impacted by GDPR policies, please review the following.

What is the GDPR?

The GDPR is legislation enacted by the European Union (EU) to protect all EU citizens from privacy and data breaches. The GDPR applies to companies and organizations located in the EU, as well as to companies outside the EU that collect, use, transmit or store personal data of EU citizens, regardless of where the activities take place. At a high level, GDPR:

  • Takes effect on May 25, 2018
  • Applies generally to organizations located in the EU, as well as those outside the EU that handle the personal data of EU citizens
  • Applies specifically to data controllers and data processors: a controller is a company that determines the purposes and means of processing personal data, while a processor is responsible for processing personal data on behalf of a controller
  • Is designed to protect the personal data of EU citizens, which is defined as any information about an identifiable person
  • Requires organizations to give individuals access to and control over their data, and to take reasonable measures to protect it

Does the GDPR apply to SonicWall products?

Yes, but only to a very limited extent. SonicWall products help customers enable security in their networks (and thus better comply with the GDPR), but SonicWall generally does not have access to, nor does it collect or use, the personal data of individuals.

The GDPR, therefore, does not apply to SonicWall products in most cases. Our customers’ use of our products by itself does not subject SonicWall to GDPR.

However, if SonicWall hosts a solution that is sold to a customer and the hosted solution allows a customer to access or use personal data in that hosted environment, then SonicWall may be subject to certain aspects of the GDPR. In those cases, SonicWall must ensure that adequate security is in place to protect that hosted environment.

In summary:

  • SonicWall typically does not collect, store or transmit the personal data of natural individuals in the EU
  • The GDPR does not apply to SonicWall firewall hardware appliances without a subscription to the SonicWall Capture Advanced Threat Protection sandbox service
  • GDPR may apply to the SonicWall Capture Cloud Platform to the extent it enables end-user designated personnel to access their network data in an environment hosted by SonicWall
  • Where GDPR applies, it requires SonicWall to have adequate network security for its hosted environment
  • SonicWall expects to be compliant with the GDPR by May 25, 2018, to the extent it applies to the company’s range of security solutions and services
  • SonicWall is undertaking a comprehensive third-party audit to confirm the compliance of its products and solutions

GDPR and SonicWall hosted solutions

Presently, SonicWall directly maintains a majority of the systems used for our hosted solutions versus outsourcing this activity to a third party.

In the limited circumstances that SonicWall leverages third-party services, SonicWall works to ensure that it and its third-party provider have the appropriate safeguards in place to protect personal data as required by GDPR. SonicWall uses a number of technological and operational approaches in its physical security program to mitigate security risks to the extent reasonably practicable.

Our team is working to determine that appropriate measures are in place to prevent unauthorized persons from gaining access to systems within which data is processed and continually monitor any changes to the physical infrastructure, business and known threats.

We are also considering best practice measures used by others in the industry while balancing our approach toward security by considering elements of control that include architecture, operations and systems.

SonicWall customers are given the opportunity to choose the location of their primary data center where their information will be hosted. However, limited data may be transferred to other SonicWall locations for the purpose of providing services to our customers.

Can SonicWall help companies become GDPR-compliant?

SonicWall acts as a provider of network security and content-based security solutions, and security of data is a key aspect in achieving data privacy principles.

We assist companies to secure their data in a smarter way. In the wake of burgeoning legislation and increased hacker intelligence, it is vital for organizations to encrypt their traffic and files, whether these are stored online or offline.

Using high-performance Deep Packet Inspection, SonicWall can spot malware and other nefarious traffic and behavior from among encrypted files, further safeguarding an organization.

SonicWall provides industry-leading machine learning technology to detect and block zero-day malware. We address advanced cyber threats, “malware cocktails” and related ransomware no matter if they are encrypted or clear, in email, on the web or in file exchange, regardless of the device in use. Our expertise in automated breach prevention means we don’t just spot malware, we prevent attacks from becoming successful.

To learn more about how GDPR applies to SonicWall products and services, please review the official SonicWall Privacy Statement.